- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- ;;
- RDK Video Documentation
- Features
- Firebolt Certification
- Architecture
- Components
- IARM Bus
- Wi-Fi
- Bluetooth (BT)
- bluetooth_mgr
- audiocapturemgr
- Crashupload
- DCA
- DTCP
- HDMI CEC
- IARM Manager
- Injected Bundle
- LED Manager
- libusbctrl
- Media Player
- Network Service Manager (netsrvmgr)
- rdkbrowser
- RDK Diagnostics
- sys_mon_tools
- TR-069 Hostif
- TRM
- Universal Plug and Play (UPnP)
- Device Settings
- RDK Logger
- RDK Services
- RDK TV HDMIInput/CompositeInput
- RDK TV MotionDetection
- RDK TV Audio settings
- RDK TV CEC & ARC/eARC
- RDK TV Picture Settings
- RDK TV Settings
- rdkbrowser2
- RMF_Tools
- Breakpad Wrapper
- cpuprocanalyzer
- Westeros
- Advanced Adaptive Media Player (AAMP)
- AAMP (IP Video) & ATSC Text Track Support
- AAMP & FOG Retry / Failover / Timeouts
- AAMP Adaptive Bitrate Behavior
- AAMP App Integration: Universal Video Engine (UVE) APIs
- AAMP Audio Output Settings
- AAMP Coding Guidelines
- AAMP Compatibility & Roadmap
- AAMP Configuration Options
- AAMP DASH Architecture Overview
- AAMP DASH – T6 linear Client Side DAI Design and Architecture
- AAMP Discontinuity and Multi-Period Handling
- AAMP Dynamic Ad Insertion (DAI)
- AAMP Error Codes
- AAMP Events and Logging
- AAMP Gstreamer Integration Overview
- AAMP HLS Architecture Overview
- AAMP – Native Video Engine Player API
- AAMP Playback Code Flow
- AAMP Session Token Flow
- AAMP Simulator Build (Linux) Instructions
- AAMP VCR-Style Trickplay using i-frame Track
- AAMP Video Engine Tune Metrics (IP_EX_TUNETIME)
- IPTV Triage Guidelines
- Triage Guidelines
- Underflow Handling & Stall Detection
- UVE APIs & ATSC Extensions for Lightning
- UVE Materials
- AAMP UVE – API
- WPE
- Sub-Systems
- Graphics and UI
- Display
- Event Management
- Home Networking
- G-Streamer
- Network
- Browser Framework
- Diagnostics
- GStreamer Analysis
- Voice
- Application Management
- RDKServices
- RDK Yocto Build Systems
- Try Out RDK
- HAL
- Resident App
- Profiles
- Vendor Porting Guide
- Hardware Deployment Guide
- RDK Broadband Documentation
- Features
- Architecture
- Components
- CcspCMAgent
- CcspCommonLibrary
- CcspCr
- CcspDmCli
- CcspEPONAgent
- CcspHomeSecurity
- CcspLMLite
- CcspMisc
- CcspMoCA
- CcspMtaAgent
- CcspPandM
- CcspPsm
- CcspSnmpPa
- CcspTr069Pa
- CcspWifiAgent
- CcspXDNS
- EthWAN
- Cellular Manager
- FirmwareSanity
- GwProvApp
- GwProvApp-ePON
- Harvester
- hotspot
- Notify Component
- Logger
- RDK Gpon Manager
- RDK Ppp Manager
- RDK VlanBridgeManager
- RDK WAN Manager
- servicemanager
- TestAndDiagnostic
- Utopia
- Webui
- WebUI Migration to jst
- Component List
- TR-181 Data Model
- Yocto Build Systems
- Try Out RDK-B
- HAL
- RDK Camera Documentation
- Device Management
- RDK Security
RDK Security
RDK continuously puts efforts to identify and prevent/mitigate several threats including unauthorized distribution, fraudulent access, and data tampering including re-direction to illicit content and Denial Of Service (DOS) attacks in the RDK based CPE. With Wi-Fi, Ethernet, MoCA, Bluetooth, and other points of ingress to the network available on all CPE, and accessible to any device with the same kind of port, a myriad of additional threats are potentially exposed. Therefore, controlling access to valuable service content, network infrastructure, personal information, Internet traffic, neighboring systems, and a multitude of in-home devices, is critical to everyone’s success throughout RDK Operators. As a result, a suite of specifications and recommendations is provided, covering broad security features such as content protection, digital rights management, software security, and more.
Security Features in RDK
There are many security features in the RDK, and the three major features in the platform are – Containerization, Access Control, and Kernel Hardening.
- Containerization is a mechanism to achieve process isolation by running a limited set of applications or services within a self-contained sandboxed environment. It is a mechanism of sandboxing processes (isolating processes from each other) by using some kernel features.
- Access Control refers to the security principle that all software processes should run with the minimum privileges needed for them to operate. A process should only have access to the data, files, interfaces, and capabilities that it needs and should not have access to data owned by other processes or to other parts of the system. Processes should not run with root privileges unless absolutely required. The access control can be achieved through security module hooks in kernel which verifies whether the user/process have access to the requested resource on each system call. Using such a standard implementation improves scalability of the stack. Some of the examples are AppArmor, SELinux, Smack, Tomoyo.
- Kernel Hardening refers to the process of strengthening the security of the operating system kernel by applying various techniques, configurations, and security measures. The goal is to decrease vulnerabilities, eliminate risks, and to strengthen kernel to prevent attacks.
Note: The aforementioned security features are by default present in RDK Video releases but are not the part of default configuration in RDK Broadband releases.